|
Read the rules in the OP before posting, please.In order to ensure that this thread continues to meet TL standards and follows the proper guidelines, we will be enforcing the rules in the OP more strictly. Be sure to give them a re-read to refresh your memory! The vast majority of you are contributing in a healthy way, keep it up! NOTE: When providing a source, explain why you feel it is relevant and what purpose it adds to the discussion if it's not obvious. Also take note that unsubstantiated tweets/posts meant only to rekindle old arguments can result in a mod action. |
|
|
On March 08 2017 03:00 LegalLord wrote:Show nested quote +On March 08 2017 02:49 LightSpectra wrote:On March 08 2017 02:45 LegalLord wrote:On March 08 2017 02:23 LightSpectra wrote:On March 08 2017 02:16 LegalLord wrote:On March 08 2017 02:12 Mohdoo wrote:On March 08 2017 02:04 RealityIsKing wrote:
Anyone works in IT already know once you are connected to a network, anything is hackable. And yet we have a functional stock market and banking system connected to the internet. This isn't true. Security exists and can be effective. While true, none of those things remain unhacked. Many are of the "steal some coinage" variety but also espionage. Malicious destructive hacks are rare, of course, because national governments that hack each other would receive some pretty hefty retaliation. I really don't think you have any idea what you're talking about. Well, good for you. You're wrong. Go ahead and add something more than one-liners if you have some "depth" to add to the discussion rather than simply talking about how no one else knows what they're talking about. Very well. Your claim seems to be that national government hacks (and I suppose also financial systems) are very possible, it's just that most governments don't bother because it would be too destructive. What is your evidence for that claim? I suppose the most direct evidence that you can hack financial systems and "national governments" (well I meant in the sense that "nation-states hack each other" because "national government" isn't any one cyber entity) is that such hacks actually exist. The Russians hacked US financial systems before, for the purpose of studying the way the financial market functions. Hacking banks is a rather well-known reality, as perhaps the point RisK made would indicate. Various agencies in the government, e.g. the OPM (China hack) have been recorded as well. Regarding why hacking for malicious, destructive purposes like destroying systems is rare(r)... well I would think that would be somewhat obvious from a common sense evaluation of it, but we could simply look at the political treatment of malicious hacking. NATO, for example, considers cyber warfare to be the same as regular warfare for the purposes of Article 5. And it goes without saying that "we can hack you too" is always a reality for any hacking done.
Yeah, but all of those major hacks like OPM and Yahoo were found to be due to absurdly negligent security practices on behalf of the ones getting hacked.
That actually strongly suggests that the financial transaction system and our national security comms are not really hackable. If they were, those people that went after Target and Home Depot would be salivating over the opportunity.
|
Trump has been on a Twitter rampage this morning, to be sure.
|
He doesnt have to fact check because his supporters, for who he is tweeting this, don't do it either.
|
On March 08 2017 02:56 LightSpectra wrote:Show nested quote +On March 08 2017 02:53 RealityIsKing wrote:On March 08 2017 02:44 Mohdoo wrote:On March 08 2017 02:43 RealityIsKing wrote:On March 08 2017 02:39 Mohdoo wrote:On March 08 2017 02:29 RealityIsKing wrote:On March 08 2017 02:12 Mohdoo wrote:On March 08 2017 02:04 RealityIsKing wrote:
Anyone works in IT already know once you are connected to a network, anything is hackable. And yet we have a functional stock market and banking system connected to the internet. This isn't true. Security exists and can be effective. And yet banks still get hacked. You're confusing two different things. An individual being hacked is very different from a hacker gaining full access to the core databases. No, I just said that any system connected to a network can be hacked. You are just adding conditions to the argument which wasn't the premise in the first place. But core bank databases are connected to a network. And they can 100% be hacked too if you are able to grab the I/O and reverse engineering the encryption algorithm and masquerading your IP address to be the ones with permission. "reverse engineering the encryption algorithm", right... Since you're clearly a master cryptographer, perhaps you can tell me when your paper that describes vulnerabilities in Twofish is going to be published. You'll be heralded as a genius and probably become a multi-millionaire over night. Show nested quote +On March 08 2017 02:54 Plansix wrote:On March 08 2017 02:49 Acrofales wrote:On March 08 2017 02:42 Plansix wrote:On March 08 2017 02:35 LightSpectra wrote:On March 08 2017 02:31 Plansix wrote:On March 08 2017 02:09 LightSpectra wrote:On March 08 2017 02:04 RealityIsKing wrote:
Anyone works in IT already know once you are connected to a network, anything is hackable. Sorry, that's really just not true. I really hope you don't work in IT for anything important. On March 08 2017 02:04 Plansix wrote:
We have been to soft on wikileaks and unwilling to deal with them head on. We had the ability to assert enough political pressure to deal with them a long time ago, but no one wanted to. Hopefully that will change, because they are not going away. Is this sarcasm? I would've thought you were a big WikiLeaks proponent. They are a third party organization of unknown affiliation that releases stolen information for their own personal enrichment. They are accountable to no one but their unknown backers. Even reporters citing anonymous sources can be held accountable for what they report and have served jail time for protecting a source. Wikileaks takes none of these risks while getting paid unknown amounts of money from unknown parties. I am not naïve enough to think they have my best interest in mind. Snowden is another matter. Although I supported him leaking some information, he also used that information to buy passage through Hong Kong and to Russia. And god knows what he traded to Russia to be able to stay there. Basically, speaking truth to power from safety does not impress me. The reporter who was jailed for protecting a source during the GW administration is far more impressive. For their own personal enrichment, lol. As everybody knows, Assange is currently living like royalty in that embassy he can't leave under threat of assassination. They have an NDA for their employees. https://www.wired.com/2011/05/nda-wikileaks/It specifically cites that they are not allowed to release information because it would diminish it's value. Assange is just one member of wikileaks. We don't know much else. How big is their staff? Where do they operate out out of? Who pays them? This is all information I would like to know. Wikileaks talks about forcing transparency on goverments and I only want the same level of transparency for wikileaks. That seems fair. Who watches the watchmen? Exactly. As powerful as the CIA and NSA are, the US citizens have far more power over them than wikileaks. We know where they operate. They have lists of employees and answer to the Senate and house. Wikileaks answers to god knows who? Leaks of information are fine, but I have no idea how long wikileaks has been camping on this information. It looks to be targeted at influencing the upcoming election in France. That isn't a free exchange of information and transparency. It is a targeted leak with a specific political goal in mind. Wikileaks isn't releasing information about people spying on the US. But I am 100% sure France spies on us. And you think it would be better if nobody knew, rather than WikiLeaks being strategic with their information and leaking when it would be most effective?
I would prefer that the goverment put Samsung on blast for making TV with a mic on it that can be hacked into, but that didn't happen. But it isn't a zero sum game for me. I think the information is important, but I do not like how it is being weaponized against elections.
Long term, this could be very damaging to the internet as we know it. Endless security isn't going to save us from this problem, especially in the "the internet of things" era. Right now it is just one group doing this. But what happens when every nation starts hacking every political party in the lead up to elections. We have endless leaks from unknown parties and a limited ability to vet that information.
|
On March 08 2017 03:00 RealityIsKing wrote:Show nested quote +On March 08 2017 02:56 LightSpectra wrote:On March 08 2017 02:53 RealityIsKing wrote:On March 08 2017 02:44 Mohdoo wrote:On March 08 2017 02:43 RealityIsKing wrote:On March 08 2017 02:39 Mohdoo wrote:On March 08 2017 02:29 RealityIsKing wrote:On March 08 2017 02:12 Mohdoo wrote:On March 08 2017 02:04 RealityIsKing wrote:
Anyone works in IT already know once you are connected to a network, anything is hackable. And yet we have a functional stock market and banking system connected to the internet. This isn't true. Security exists and can be effective. And yet banks still get hacked. You're confusing two different things. An individual being hacked is very different from a hacker gaining full access to the core databases. No, I just said that any system connected to a network can be hacked. You are just adding conditions to the argument which wasn't the premise in the first place. But core bank databases are connected to a network. And they can 100% be hacked too if you are able to grab the I/O and reverse engineering the encryption algorithm and masquerading your IP address to be the ones with permission. "reverse engineering the encryption algorithm", right... Since you're clearly a master cryptographer, perhaps you can tell me when your paper that describes vulnerabilities in Twofish is going to be published. You'll be heralded as a genius and probably become a multi-millionaire over night. Yeah not going to argue with you any further. You first threw one liner without any explanation, then you use personal insult as your main argument point while attempting to shift the goalpost, now you are using argument to the absurdity. Its very offensive.
Nope. You're the one who made the claim: "Anyone works in IT already know once you are connected to a network, anything is hackable."
I asked you to prove this. Your proof requires one to be able to make some kind of cryptographical attack that is not known to be possible yet. Are you smarter than the world's best cryptographers, or are you talking out of your ass?
|
On March 08 2017 03:06 Plansix wrote:Show nested quote +On March 08 2017 02:56 LightSpectra wrote:On March 08 2017 02:53 RealityIsKing wrote:On March 08 2017 02:44 Mohdoo wrote:On March 08 2017 02:43 RealityIsKing wrote:On March 08 2017 02:39 Mohdoo wrote:On March 08 2017 02:29 RealityIsKing wrote:On March 08 2017 02:12 Mohdoo wrote:On March 08 2017 02:04 RealityIsKing wrote:
Anyone works in IT already know once you are connected to a network, anything is hackable. And yet we have a functional stock market and banking system connected to the internet. This isn't true. Security exists and can be effective. And yet banks still get hacked. You're confusing two different things. An individual being hacked is very different from a hacker gaining full access to the core databases. No, I just said that any system connected to a network can be hacked. You are just adding conditions to the argument which wasn't the premise in the first place. But core bank databases are connected to a network. And they can 100% be hacked too if you are able to grab the I/O and reverse engineering the encryption algorithm and masquerading your IP address to be the ones with permission. "reverse engineering the encryption algorithm", right... Since you're clearly a master cryptographer, perhaps you can tell me when your paper that describes vulnerabilities in Twofish is going to be published. You'll be heralded as a genius and probably become a multi-millionaire over night. On March 08 2017 02:54 Plansix wrote:On March 08 2017 02:49 Acrofales wrote:On March 08 2017 02:42 Plansix wrote:On March 08 2017 02:35 LightSpectra wrote:On March 08 2017 02:31 Plansix wrote:On March 08 2017 02:09 LightSpectra wrote:On March 08 2017 02:04 RealityIsKing wrote:
Anyone works in IT already know once you are connected to a network, anything is hackable. Sorry, that's really just not true. I really hope you don't work in IT for anything important. On March 08 2017 02:04 Plansix wrote:
We have been to soft on wikileaks and unwilling to deal with them head on. We had the ability to assert enough political pressure to deal with them a long time ago, but no one wanted to. Hopefully that will change, because they are not going away. Is this sarcasm? I would've thought you were a big WikiLeaks proponent. They are a third party organization of unknown affiliation that releases stolen information for their own personal enrichment. They are accountable to no one but their unknown backers. Even reporters citing anonymous sources can be held accountable for what they report and have served jail time for protecting a source. Wikileaks takes none of these risks while getting paid unknown amounts of money from unknown parties. I am not naïve enough to think they have my best interest in mind. Snowden is another matter. Although I supported him leaking some information, he also used that information to buy passage through Hong Kong and to Russia. And god knows what he traded to Russia to be able to stay there. Basically, speaking truth to power from safety does not impress me. The reporter who was jailed for protecting a source during the GW administration is far more impressive. For their own personal enrichment, lol. As everybody knows, Assange is currently living like royalty in that embassy he can't leave under threat of assassination. They have an NDA for their employees. https://www.wired.com/2011/05/nda-wikileaks/It specifically cites that they are not allowed to release information because it would diminish it's value. Assange is just one member of wikileaks. We don't know much else. How big is their staff? Where do they operate out out of? Who pays them? This is all information I would like to know. Wikileaks talks about forcing transparency on goverments and I only want the same level of transparency for wikileaks. That seems fair. Who watches the watchmen? Exactly. As powerful as the CIA and NSA are, the US citizens have far more power over them than wikileaks. We know where they operate. They have lists of employees and answer to the Senate and house. Wikileaks answers to god knows who? Leaks of information are fine, but I have no idea how long wikileaks has been camping on this information. It looks to be targeted at influencing the upcoming election in France. That isn't a free exchange of information and transparency. It is a targeted leak with a specific political goal in mind. Wikileaks isn't releasing information about people spying on the US. But I am 100% sure France spies on us. And you think it would be better if nobody knew, rather than WikiLeaks being strategic with their information and leaking when it would be most effective? I would prefer that the goverment put Samsung on blast for making TV with a mic on it that can be hacked into, but that didn't happen. But it isn't a zero sum game for me. I think the information is important, but I do not like how it is being weaponized against elections. Long term, this could be very damaging to the internet as we know it. Endless security isn't going to save us from this problem, especially in the "the internet of things" era. Right now it is just one group doing this. But what happens when every nation starts hacking every political party in the lead up to elections. We have endless leaks from unknown parties and a limited ability to vet that information.
I agree with you 100% that the negligent security practices around the IoT/smart world is appalling and a major cause for concern. But we have two options here, either governments can hoard all of the known exploits and then we can live under them like peasants in a fascist regime, or people like WikiLeaks can leak them so we can all be safe together.
|
|
|
On March 08 2017 03:04 LightSpectra wrote:Show nested quote +On March 08 2017 03:00 LegalLord wrote:On March 08 2017 02:49 LightSpectra wrote:On March 08 2017 02:45 LegalLord wrote:On March 08 2017 02:23 LightSpectra wrote:On March 08 2017 02:16 LegalLord wrote:On March 08 2017 02:12 Mohdoo wrote:On March 08 2017 02:04 RealityIsKing wrote:
Anyone works in IT already know once you are connected to a network, anything is hackable. And yet we have a functional stock market and banking system connected to the internet. This isn't true. Security exists and can be effective. While true, none of those things remain unhacked. Many are of the "steal some coinage" variety but also espionage. Malicious destructive hacks are rare, of course, because national governments that hack each other would receive some pretty hefty retaliation. I really don't think you have any idea what you're talking about. Well, good for you. You're wrong. Go ahead and add something more than one-liners if you have some "depth" to add to the discussion rather than simply talking about how no one else knows what they're talking about. Very well. Your claim seems to be that national government hacks (and I suppose also financial systems) are very possible, it's just that most governments don't bother because it would be too destructive. What is your evidence for that claim? I suppose the most direct evidence that you can hack financial systems and "national governments" (well I meant in the sense that "nation-states hack each other" because "national government" isn't any one cyber entity) is that such hacks actually exist. The Russians hacked US financial systems before, for the purpose of studying the way the financial market functions. Hacking banks is a rather well-known reality, as perhaps the point RisK made would indicate. Various agencies in the government, e.g. the OPM (China hack) have been recorded as well. Regarding why hacking for malicious, destructive purposes like destroying systems is rare(r)... well I would think that would be somewhat obvious from a common sense evaluation of it, but we could simply look at the political treatment of malicious hacking. NATO, for example, considers cyber warfare to be the same as regular warfare for the purposes of Article 5. And it goes without saying that "we can hack you too" is always a reality for any hacking done. Yeah, but all of those major hacks like OPM and Yahoo were found to be due to absurdly negligent security practices on behalf of the ones getting hacked. That actually strongly suggests that the financial transaction system and our national security comms are not really hackable. If they were, those people that went after Target and Home Depot would be salivating over the opportunity.
Sure, negligent security practices play an important role in getting hacked - and of course in increasing the scope of what actually got hacked. Doesn't mean that any more secure targets can't be hacked. Vulnerabilities come in many forms and not all of them are "your fault."
It's certainly not a "Wild West" of "anything out there can be hacked whenever you want" but it's very far from "nothing can be hacked if it has good security practices."
|
On March 08 2017 03:08 LightSpectra wrote:Show nested quote +On March 08 2017 03:06 Plansix wrote:On March 08 2017 02:56 LightSpectra wrote:On March 08 2017 02:53 RealityIsKing wrote:On March 08 2017 02:44 Mohdoo wrote:On March 08 2017 02:43 RealityIsKing wrote:On March 08 2017 02:39 Mohdoo wrote:On March 08 2017 02:29 RealityIsKing wrote:On March 08 2017 02:12 Mohdoo wrote:On March 08 2017 02:04 RealityIsKing wrote:
Anyone works in IT already know once you are connected to a network, anything is hackable. And yet we have a functional stock market and banking system connected to the internet. This isn't true. Security exists and can be effective. And yet banks still get hacked. You're confusing two different things. An individual being hacked is very different from a hacker gaining full access to the core databases. No, I just said that any system connected to a network can be hacked. You are just adding conditions to the argument which wasn't the premise in the first place. But core bank databases are connected to a network. And they can 100% be hacked too if you are able to grab the I/O and reverse engineering the encryption algorithm and masquerading your IP address to be the ones with permission. "reverse engineering the encryption algorithm", right... Since you're clearly a master cryptographer, perhaps you can tell me when your paper that describes vulnerabilities in Twofish is going to be published. You'll be heralded as a genius and probably become a multi-millionaire over night. On March 08 2017 02:54 Plansix wrote:On March 08 2017 02:49 Acrofales wrote:On March 08 2017 02:42 Plansix wrote:On March 08 2017 02:35 LightSpectra wrote:On March 08 2017 02:31 Plansix wrote:On March 08 2017 02:09 LightSpectra wrote:On March 08 2017 02:04 RealityIsKing wrote:
Anyone works in IT already know once you are connected to a network, anything is hackable. Sorry, that's really just not true. I really hope you don't work in IT for anything important. On March 08 2017 02:04 Plansix wrote:
We have been to soft on wikileaks and unwilling to deal with them head on. We had the ability to assert enough political pressure to deal with them a long time ago, but no one wanted to. Hopefully that will change, because they are not going away. Is this sarcasm? I would've thought you were a big WikiLeaks proponent. They are a third party organization of unknown affiliation that releases stolen information for their own personal enrichment. They are accountable to no one but their unknown backers. Even reporters citing anonymous sources can be held accountable for what they report and have served jail time for protecting a source. Wikileaks takes none of these risks while getting paid unknown amounts of money from unknown parties. I am not naïve enough to think they have my best interest in mind. Snowden is another matter. Although I supported him leaking some information, he also used that information to buy passage through Hong Kong and to Russia. And god knows what he traded to Russia to be able to stay there. Basically, speaking truth to power from safety does not impress me. The reporter who was jailed for protecting a source during the GW administration is far more impressive. For their own personal enrichment, lol. As everybody knows, Assange is currently living like royalty in that embassy he can't leave under threat of assassination. They have an NDA for their employees. https://www.wired.com/2011/05/nda-wikileaks/It specifically cites that they are not allowed to release information because it would diminish it's value. Assange is just one member of wikileaks. We don't know much else. How big is their staff? Where do they operate out out of? Who pays them? This is all information I would like to know. Wikileaks talks about forcing transparency on goverments and I only want the same level of transparency for wikileaks. That seems fair. Who watches the watchmen? Exactly. As powerful as the CIA and NSA are, the US citizens have far more power over them than wikileaks. We know where they operate. They have lists of employees and answer to the Senate and house. Wikileaks answers to god knows who? Leaks of information are fine, but I have no idea how long wikileaks has been camping on this information. It looks to be targeted at influencing the upcoming election in France. That isn't a free exchange of information and transparency. It is a targeted leak with a specific political goal in mind. Wikileaks isn't releasing information about people spying on the US. But I am 100% sure France spies on us. And you think it would be better if nobody knew, rather than WikiLeaks being strategic with their information and leaking when it would be most effective? I would prefer that the goverment put Samsung on blast for making TV with a mic on it that can be hacked into, but that didn't happen. But it isn't a zero sum game for me. I think the information is important, but I do not like how it is being weaponized against elections. Long term, this could be very damaging to the internet as we know it. Endless security isn't going to save us from this problem, especially in the "the internet of things" era. Right now it is just one group doing this. But what happens when every nation starts hacking every political party in the lead up to elections. We have endless leaks from unknown parties and a limited ability to vet that information. I agree with you 100% that the negligent security practices around the IoT/smart world is appalling and a major cause for concern. But we have two options here, either governments can hoard all of the known exploits and then we can live under them like peasants in a fascist regime, or people like WikiLeaks can leak them so we can all be safe together.
I reject your binary option. We have more options. That exploit could have been discovered by someone else and released publicly.
|
On March 08 2017 03:06 Plansix wrote:Show nested quote +On March 08 2017 02:56 LightSpectra wrote:On March 08 2017 02:53 RealityIsKing wrote:On March 08 2017 02:44 Mohdoo wrote:On March 08 2017 02:43 RealityIsKing wrote:On March 08 2017 02:39 Mohdoo wrote:On March 08 2017 02:29 RealityIsKing wrote:On March 08 2017 02:12 Mohdoo wrote:On March 08 2017 02:04 RealityIsKing wrote:
Anyone works in IT already know once you are connected to a network, anything is hackable. And yet we have a functional stock market and banking system connected to the internet. This isn't true. Security exists and can be effective. And yet banks still get hacked. You're confusing two different things. An individual being hacked is very different from a hacker gaining full access to the core databases. No, I just said that any system connected to a network can be hacked. You are just adding conditions to the argument which wasn't the premise in the first place. But core bank databases are connected to a network. And they can 100% be hacked too if you are able to grab the I/O and reverse engineering the encryption algorithm and masquerading your IP address to be the ones with permission. "reverse engineering the encryption algorithm", right... Since you're clearly a master cryptographer, perhaps you can tell me when your paper that describes vulnerabilities in Twofish is going to be published. You'll be heralded as a genius and probably become a multi-millionaire over night. On March 08 2017 02:54 Plansix wrote:On March 08 2017 02:49 Acrofales wrote:On March 08 2017 02:42 Plansix wrote:On March 08 2017 02:35 LightSpectra wrote:On March 08 2017 02:31 Plansix wrote:On March 08 2017 02:09 LightSpectra wrote:On March 08 2017 02:04 RealityIsKing wrote:
Anyone works in IT already know once you are connected to a network, anything is hackable. Sorry, that's really just not true. I really hope you don't work in IT for anything important. On March 08 2017 02:04 Plansix wrote:
We have been to soft on wikileaks and unwilling to deal with them head on. We had the ability to assert enough political pressure to deal with them a long time ago, but no one wanted to. Hopefully that will change, because they are not going away. Is this sarcasm? I would've thought you were a big WikiLeaks proponent. They are a third party organization of unknown affiliation that releases stolen information for their own personal enrichment. They are accountable to no one but their unknown backers. Even reporters citing anonymous sources can be held accountable for what they report and have served jail time for protecting a source. Wikileaks takes none of these risks while getting paid unknown amounts of money from unknown parties. I am not naïve enough to think they have my best interest in mind. Snowden is another matter. Although I supported him leaking some information, he also used that information to buy passage through Hong Kong and to Russia. And god knows what he traded to Russia to be able to stay there. Basically, speaking truth to power from safety does not impress me. The reporter who was jailed for protecting a source during the GW administration is far more impressive. For their own personal enrichment, lol. As everybody knows, Assange is currently living like royalty in that embassy he can't leave under threat of assassination. They have an NDA for their employees. https://www.wired.com/2011/05/nda-wikileaks/It specifically cites that they are not allowed to release information because it would diminish it's value. Assange is just one member of wikileaks. We don't know much else. How big is their staff? Where do they operate out out of? Who pays them? This is all information I would like to know. Wikileaks talks about forcing transparency on goverments and I only want the same level of transparency for wikileaks. That seems fair. Who watches the watchmen? Exactly. As powerful as the CIA and NSA are, the US citizens have far more power over them than wikileaks. We know where they operate. They have lists of employees and answer to the Senate and house. Wikileaks answers to god knows who? Leaks of information are fine, but I have no idea how long wikileaks has been camping on this information. It looks to be targeted at influencing the upcoming election in France. That isn't a free exchange of information and transparency. It is a targeted leak with a specific political goal in mind. Wikileaks isn't releasing information about people spying on the US. But I am 100% sure France spies on us. And you think it would be better if nobody knew, rather than WikiLeaks being strategic with their information and leaking when it would be most effective? I would prefer that the goverment put Samsung on blast for making TV with a mic on it that can be hacked into, but that didn't happen. But it isn't a zero sum game for me. I think the information is important, but I do not like how it is being weaponized against elections. Long term, this could be very damaging to the internet as we know it. Endless security isn't going to save us from this problem, especially in the "the internet of things" era. Right now it is just one group doing this. But what happens when every nation starts hacking every political party in the lead up to elections. We have endless leaks from unknown parties and a limited ability to vet that information.
The internet of things means basically every device is a bug or a backdoor into another device which can be bugged. Wasn't there some hubbub about how wireless printers or something could be exploited awhile ago? We knew all this already. Color me surprised that intelligence agents are using all this stuff to, y'know, gather intelligence.
|
On March 08 2017 03:09 LegalLord wrote:Show nested quote +On March 08 2017 03:04 LightSpectra wrote:On March 08 2017 03:00 LegalLord wrote:On March 08 2017 02:49 LightSpectra wrote:On March 08 2017 02:45 LegalLord wrote:On March 08 2017 02:23 LightSpectra wrote:On March 08 2017 02:16 LegalLord wrote:On March 08 2017 02:12 Mohdoo wrote:On March 08 2017 02:04 RealityIsKing wrote:
Anyone works in IT already know once you are connected to a network, anything is hackable. And yet we have a functional stock market and banking system connected to the internet. This isn't true. Security exists and can be effective. While true, none of those things remain unhacked. Many are of the "steal some coinage" variety but also espionage. Malicious destructive hacks are rare, of course, because national governments that hack each other would receive some pretty hefty retaliation. I really don't think you have any idea what you're talking about. Well, good for you. You're wrong. Go ahead and add something more than one-liners if you have some "depth" to add to the discussion rather than simply talking about how no one else knows what they're talking about. Very well. Your claim seems to be that national government hacks (and I suppose also financial systems) are very possible, it's just that most governments don't bother because it would be too destructive. What is your evidence for that claim? I suppose the most direct evidence that you can hack financial systems and "national governments" (well I meant in the sense that "nation-states hack each other" because "national government" isn't any one cyber entity) is that such hacks actually exist. The Russians hacked US financial systems before, for the purpose of studying the way the financial market functions. Hacking banks is a rather well-known reality, as perhaps the point RisK made would indicate. Various agencies in the government, e.g. the OPM (China hack) have been recorded as well. Regarding why hacking for malicious, destructive purposes like destroying systems is rare(r)... well I would think that would be somewhat obvious from a common sense evaluation of it, but we could simply look at the political treatment of malicious hacking. NATO, for example, considers cyber warfare to be the same as regular warfare for the purposes of Article 5. And it goes without saying that "we can hack you too" is always a reality for any hacking done. Yeah, but all of those major hacks like OPM and Yahoo were found to be due to absurdly negligent security practices on behalf of the ones getting hacked. That actually strongly suggests that the financial transaction system and our national security comms are not really hackable. If they were, those people that went after Target and Home Depot would be salivating over the opportunity. Sure, negligent security practices play an important role in getting hacked - and of course in increasing the scope of what actually got hacked. Doesn't mean that any more secure targets can't be hacked. It's certainly not a "Wild West" of "anything out there can be hacked whenever you want" but it's very far from "nothing can be hacked if it has good security practices."
I'm trying to get you to prove "it's very far from 'nothing can be hacked if it has good security practices'".
I'm quite knowledgeable on cybersecurity, so I'm going to tell you right now that unless you really, REALLY know what you're talking about, you'd best just walk away from this debate.
|
On March 08 2017 03:10 ticklishmusic wrote:Show nested quote +On March 08 2017 03:06 Plansix wrote:On March 08 2017 02:56 LightSpectra wrote:On March 08 2017 02:53 RealityIsKing wrote:On March 08 2017 02:44 Mohdoo wrote:On March 08 2017 02:43 RealityIsKing wrote:On March 08 2017 02:39 Mohdoo wrote:On March 08 2017 02:29 RealityIsKing wrote:On March 08 2017 02:12 Mohdoo wrote:On March 08 2017 02:04 RealityIsKing wrote:
Anyone works in IT already know once you are connected to a network, anything is hackable. And yet we have a functional stock market and banking system connected to the internet. This isn't true. Security exists and can be effective. And yet banks still get hacked. You're confusing two different things. An individual being hacked is very different from a hacker gaining full access to the core databases. No, I just said that any system connected to a network can be hacked. You are just adding conditions to the argument which wasn't the premise in the first place. But core bank databases are connected to a network. And they can 100% be hacked too if you are able to grab the I/O and reverse engineering the encryption algorithm and masquerading your IP address to be the ones with permission. "reverse engineering the encryption algorithm", right... Since you're clearly a master cryptographer, perhaps you can tell me when your paper that describes vulnerabilities in Twofish is going to be published. You'll be heralded as a genius and probably become a multi-millionaire over night. On March 08 2017 02:54 Plansix wrote:On March 08 2017 02:49 Acrofales wrote:On March 08 2017 02:42 Plansix wrote:On March 08 2017 02:35 LightSpectra wrote:On March 08 2017 02:31 Plansix wrote:On March 08 2017 02:09 LightSpectra wrote:On March 08 2017 02:04 RealityIsKing wrote:
Anyone works in IT already know once you are connected to a network, anything is hackable. Sorry, that's really just not true. I really hope you don't work in IT for anything important. On March 08 2017 02:04 Plansix wrote:
We have been to soft on wikileaks and unwilling to deal with them head on. We had the ability to assert enough political pressure to deal with them a long time ago, but no one wanted to. Hopefully that will change, because they are not going away. Is this sarcasm? I would've thought you were a big WikiLeaks proponent. They are a third party organization of unknown affiliation that releases stolen information for their own personal enrichment. They are accountable to no one but their unknown backers. Even reporters citing anonymous sources can be held accountable for what they report and have served jail time for protecting a source. Wikileaks takes none of these risks while getting paid unknown amounts of money from unknown parties. I am not naïve enough to think they have my best interest in mind. Snowden is another matter. Although I supported him leaking some information, he also used that information to buy passage through Hong Kong and to Russia. And god knows what he traded to Russia to be able to stay there. Basically, speaking truth to power from safety does not impress me. The reporter who was jailed for protecting a source during the GW administration is far more impressive. For their own personal enrichment, lol. As everybody knows, Assange is currently living like royalty in that embassy he can't leave under threat of assassination. They have an NDA for their employees. https://www.wired.com/2011/05/nda-wikileaks/It specifically cites that they are not allowed to release information because it would diminish it's value. Assange is just one member of wikileaks. We don't know much else. How big is their staff? Where do they operate out out of? Who pays them? This is all information I would like to know. Wikileaks talks about forcing transparency on goverments and I only want the same level of transparency for wikileaks. That seems fair. Who watches the watchmen? Exactly. As powerful as the CIA and NSA are, the US citizens have far more power over them than wikileaks. We know where they operate. They have lists of employees and answer to the Senate and house. Wikileaks answers to god knows who? Leaks of information are fine, but I have no idea how long wikileaks has been camping on this information. It looks to be targeted at influencing the upcoming election in France. That isn't a free exchange of information and transparency. It is a targeted leak with a specific political goal in mind. Wikileaks isn't releasing information about people spying on the US. But I am 100% sure France spies on us. And you think it would be better if nobody knew, rather than WikiLeaks being strategic with their information and leaking when it would be most effective? I would prefer that the goverment put Samsung on blast for making TV with a mic on it that can be hacked into, but that didn't happen. But it isn't a zero sum game for me. I think the information is important, but I do not like how it is being weaponized against elections. Long term, this could be very damaging to the internet as we know it. Endless security isn't going to save us from this problem, especially in the "the internet of things" era. Right now it is just one group doing this. But what happens when every nation starts hacking every political party in the lead up to elections. We have endless leaks from unknown parties and a limited ability to vet that information. The internet of things means basically every device is a bug or a backdoor into another device which can be bugged. Wasn't there some hubbub about how wireless printers or something could be exploited awhile ago? We knew all this already. Color me surprised that intelligence agents are using all this stuff to, y'know, gather intelligence.
And once again, the tech industry all stands around shocked that this happened and can't believe the governments would do such a thing.
But please attend the next CES so they can show you their smart condom and trashcan.
|
On March 08 2017 03:10 Plansix wrote:Show nested quote +On March 08 2017 03:08 LightSpectra wrote:On March 08 2017 03:06 Plansix wrote:On March 08 2017 02:56 LightSpectra wrote:On March 08 2017 02:53 RealityIsKing wrote:On March 08 2017 02:44 Mohdoo wrote:On March 08 2017 02:43 RealityIsKing wrote:On March 08 2017 02:39 Mohdoo wrote:On March 08 2017 02:29 RealityIsKing wrote:On March 08 2017 02:12 Mohdoo wrote:
[quote]
And yet we have a functional stock market and banking system connected to the internet. This isn't true. Security exists and can be effective. And yet banks still get hacked. You're confusing two different things. An individual being hacked is very different from a hacker gaining full access to the core databases. No, I just said that any system connected to a network can be hacked. You are just adding conditions to the argument which wasn't the premise in the first place. But core bank databases are connected to a network. And they can 100% be hacked too if you are able to grab the I/O and reverse engineering the encryption algorithm and masquerading your IP address to be the ones with permission. "reverse engineering the encryption algorithm", right... Since you're clearly a master cryptographer, perhaps you can tell me when your paper that describes vulnerabilities in Twofish is going to be published. You'll be heralded as a genius and probably become a multi-millionaire over night. On March 08 2017 02:54 Plansix wrote:On March 08 2017 02:49 Acrofales wrote:On March 08 2017 02:42 Plansix wrote:On March 08 2017 02:35 LightSpectra wrote:On March 08 2017 02:31 Plansix wrote:On March 08 2017 02:09 LightSpectra wrote:
[quote]
Sorry, that's really just not true. I really hope you don't work in IT for anything important.
[quote]
Is this sarcasm? I would've thought you were a big WikiLeaks proponent. They are a third party organization of unknown affiliation that releases stolen information for their own personal enrichment. They are accountable to no one but their unknown backers. Even reporters citing anonymous sources can be held accountable for what they report and have served jail time for protecting a source. Wikileaks takes none of these risks while getting paid unknown amounts of money from unknown parties. I am not naïve enough to think they have my best interest in mind. Snowden is another matter. Although I supported him leaking some information, he also used that information to buy passage through Hong Kong and to Russia. And god knows what he traded to Russia to be able to stay there. Basically, speaking truth to power from safety does not impress me. The reporter who was jailed for protecting a source during the GW administration is far more impressive. For their own personal enrichment, lol. As everybody knows, Assange is currently living like royalty in that embassy he can't leave under threat of assassination. They have an NDA for their employees. https://www.wired.com/2011/05/nda-wikileaks/It specifically cites that they are not allowed to release information because it would diminish it's value. Assange is just one member of wikileaks. We don't know much else. How big is their staff? Where do they operate out out of? Who pays them? This is all information I would like to know. Wikileaks talks about forcing transparency on goverments and I only want the same level of transparency for wikileaks. That seems fair. Who watches the watchmen? Exactly. As powerful as the CIA and NSA are, the US citizens have far more power over them than wikileaks. We know where they operate. They have lists of employees and answer to the Senate and house. Wikileaks answers to god knows who? Leaks of information are fine, but I have no idea how long wikileaks has been camping on this information. It looks to be targeted at influencing the upcoming election in France. That isn't a free exchange of information and transparency. It is a targeted leak with a specific political goal in mind. Wikileaks isn't releasing information about people spying on the US. But I am 100% sure France spies on us. And you think it would be better if nobody knew, rather than WikiLeaks being strategic with their information and leaking when it would be most effective? I would prefer that the goverment put Samsung on blast for making TV with a mic on it that can be hacked into, but that didn't happen. But it isn't a zero sum game for me. I think the information is important, but I do not like how it is being weaponized against elections. Long term, this could be very damaging to the internet as we know it. Endless security isn't going to save us from this problem, especially in the "the internet of things" era. Right now it is just one group doing this. But what happens when every nation starts hacking every political party in the lead up to elections. We have endless leaks from unknown parties and a limited ability to vet that information. I agree with you 100% that the negligent security practices around the IoT/smart world is appalling and a major cause for concern. But we have two options here, either governments can hoard all of the known exploits and then we can live under them like peasants in a fascist regime, or people like WikiLeaks can leak them so we can all be safe together. I reject your binary option. We have more options. That exploit could have been discovered by someone else and released publicly.
But it wasn't. Finding exploits isn't like having a metal detector at the beach, and that given enough go-arounds every quarter will be found eventually.
Some software/hardware exploits are based around having an unreleased, private knowledge about how some mechanics work. For example, Intel's IME technology is closed-source, private schematics. If there was a backdoor, nobody would know except whoever designed it at Intel and whoever they shared it with. And that's something that's in just about every computer nowadays.
|
There were reports coming out of France of various groups hacking them. The hacks were apparently coming mainly from a hacking group based in Ukraine source. Maybe the CIA is using Ukraine as an UMBRAGE proxy? Could of course just as easily be Russia as well.
Either way, I really wish the CIA would use their knowledge to help patch the leaks they find and make the digital world a safer place for EVERYONE, rather than find leaks and basically play the role of the unethical hacker. I mean, if they can find & abuse the leaks, so can everyone else. I don't think the CIA is making America a safer place by leaving obvious faults in software open, rather than working to close them.
|
On March 08 2017 03:12 LightSpectra wrote:Show nested quote +On March 08 2017 03:09 LegalLord wrote:On March 08 2017 03:04 LightSpectra wrote:On March 08 2017 03:00 LegalLord wrote:On March 08 2017 02:49 LightSpectra wrote:On March 08 2017 02:45 LegalLord wrote:On March 08 2017 02:23 LightSpectra wrote:On March 08 2017 02:16 LegalLord wrote:On March 08 2017 02:12 Mohdoo wrote:On March 08 2017 02:04 RealityIsKing wrote:
Anyone works in IT already know once you are connected to a network, anything is hackable. And yet we have a functional stock market and banking system connected to the internet. This isn't true. Security exists and can be effective. While true, none of those things remain unhacked. Many are of the "steal some coinage" variety but also espionage. Malicious destructive hacks are rare, of course, because national governments that hack each other would receive some pretty hefty retaliation. I really don't think you have any idea what you're talking about. Well, good for you. You're wrong. Go ahead and add something more than one-liners if you have some "depth" to add to the discussion rather than simply talking about how no one else knows what they're talking about. Very well. Your claim seems to be that national government hacks (and I suppose also financial systems) are very possible, it's just that most governments don't bother because it would be too destructive. What is your evidence for that claim? I suppose the most direct evidence that you can hack financial systems and "national governments" (well I meant in the sense that "nation-states hack each other" because "national government" isn't any one cyber entity) is that such hacks actually exist. The Russians hacked US financial systems before, for the purpose of studying the way the financial market functions. Hacking banks is a rather well-known reality, as perhaps the point RisK made would indicate. Various agencies in the government, e.g. the OPM (China hack) have been recorded as well. Regarding why hacking for malicious, destructive purposes like destroying systems is rare(r)... well I would think that would be somewhat obvious from a common sense evaluation of it, but we could simply look at the political treatment of malicious hacking. NATO, for example, considers cyber warfare to be the same as regular warfare for the purposes of Article 5. And it goes without saying that "we can hack you too" is always a reality for any hacking done. Yeah, but all of those major hacks like OPM and Yahoo were found to be due to absurdly negligent security practices on behalf of the ones getting hacked. That actually strongly suggests that the financial transaction system and our national security comms are not really hackable. If they were, those people that went after Target and Home Depot would be salivating over the opportunity. Sure, negligent security practices play an important role in getting hacked - and of course in increasing the scope of what actually got hacked. Doesn't mean that any more secure targets can't be hacked. It's certainly not a "Wild West" of "anything out there can be hacked whenever you want" but it's very far from "nothing can be hacked if it has good security practices." I'm trying to get you to prove "it's very far from 'nothing can be hacked if it has good security practices'". I'm quite knowledgeable on cybersecurity, so I'm going to tell you right now that unless you really, REALLY know what you're talking about, you'd best just walk away from this debate.
Your knowledge has been proven in the form of one-liners that tell everyone that you know what you're talking about, and that's it.
I mean, you're trying to prove that "systems that are secured by people with good security practices cannot be hacked" which is patently absurd. That or you're constantly changing the goalposts to argue about something no one really can be sure of. You have proved it by giving one-liners implying that you disagree with all people and only you know what you are talking about.
Want to prove things are unhackable? Go for it.
|
United States44137 Posts
On March 07 2017 23:06 LightSpectra wrote:Show nested quote +On March 07 2017 15:13 Danglars wrote:On March 07 2017 13:48 xDaunt wrote:On March 07 2017 13:44 Mohdoo wrote:On March 07 2017 13:37 xDaunt wrote:On March 07 2017 13:34 Mohdoo wrote:On March 07 2017 13:16 xDaunt wrote:
The GOP healthcare bill is basically one last attempt to salvage a predominantly privatized health insurance system. I doubt it will work, because the soft penalties on failing to sign up for health insurance aren't enough to coerce the healthy population to sign up. Once you mandate coverage for preexisting conditions, the whole concept of health insurance goes out the window. It feels like you're saying preexisting conditions isn't something that should be covered. Am I wrong here? In a privatized health insurance system, they should not be covered. So how do we prevent someone from essentially dying because they happened to get laid off after being sick? In a private system, the old coverage pays for the care for any condition arising before the termination of coverage. Any new coverage will take care of any condition arising after the adoption of the new coverage. As long as there's no gap in coverage, then the subject person is covered. Of course, this requires personal fiscal responsibility, which we no longer expect of people in this country. Personal anything responsibility is like advocating slavery these days. But pre-existing conditions coverage and granny getting laid off and missing a payment just before the cancer diagnosis is the bedrock foundation of health insurance systems these days. Social Darwinism rears its ugly head again. Repeat after me: poverty is not a choice. Almost nobody chooses to be poor. Uninsured poor people aren't so because they're lazy.
I was helping a guy with his taxes and told him that he could either get $1700 back or he could get $2700 back but he'd have to put $1100 of it in a retirement account. He chose the $1700. I begged. I even explained that he could cash out the $1100 in May with a 10% penalty (+ taxes owed on it so assume only $900ish value) so really it was $1700 now or $2500 in May.
That guy didn't choose to have whatever experiences led him to that particular point in his life but he did choose to make himself poorer. But sure, the root cause is probably related to a lack of education and instability in the household growing up causing obsessive short term thinking.
|
On March 08 2017 03:17 KwarK wrote:Show nested quote +On March 07 2017 23:06 LightSpectra wrote:On March 07 2017 15:13 Danglars wrote:On March 07 2017 13:48 xDaunt wrote:On March 07 2017 13:44 Mohdoo wrote:On March 07 2017 13:37 xDaunt wrote:On March 07 2017 13:34 Mohdoo wrote:On March 07 2017 13:16 xDaunt wrote:
The GOP healthcare bill is basically one last attempt to salvage a predominantly privatized health insurance system. I doubt it will work, because the soft penalties on failing to sign up for health insurance aren't enough to coerce the healthy population to sign up. Once you mandate coverage for preexisting conditions, the whole concept of health insurance goes out the window. It feels like you're saying preexisting conditions isn't something that should be covered. Am I wrong here? In a privatized health insurance system, they should not be covered. So how do we prevent someone from essentially dying because they happened to get laid off after being sick? In a private system, the old coverage pays for the care for any condition arising before the termination of coverage. Any new coverage will take care of any condition arising after the adoption of the new coverage. As long as there's no gap in coverage, then the subject person is covered. Of course, this requires personal fiscal responsibility, which we no longer expect of people in this country. Personal anything responsibility is like advocating slavery these days. But pre-existing conditions coverage and granny getting laid off and missing a payment just before the cancer diagnosis is the bedrock foundation of health insurance systems these days. Social Darwinism rears its ugly head again. Repeat after me: poverty is not a choice. Almost nobody chooses to be poor. Uninsured poor people aren't so because they're lazy. I was helping a guy with his taxes and told him that he could either get $1700 back or he could get $2700 back but he'd have to put $1100 of it in a retirement account. He chose the $1700. I begged. I even explained that he could cash out the $1100 in May with a 10% penalty (+ taxes owed on it so assume only $900ish value) so really it was $1700 now or $2500 in May. That guy didn't choose to have whatever experiences led him to that particular point in his life but he did choose to make himself poorer. But sure, the root cause is probably related to a lack of education and instability in the household growing up causing obsessive short term thinking.
Poorer people are worse with money, IME. Especially in the US where becoming moderately wealthy requires little more than a useful degree and not being a moron.
|
On March 08 2017 03:15 a_flayer wrote:There were reports coming out of France of various groups hacking them. The hacks were apparently coming mainly from a hacking group based in Ukraine source. Maybe the CIA is using Ukraine as an UMBRAGE proxy? Could of course just as easily be Russia as well. Either way, I really wish the CIA would use their knowledge to help patch the leaks they find and make the digital world a safer place for EVERYONE, rather than find leaks and basically play the role of the unethical hacker. I mean, if they can find & abuse the leaks, so can everyone else. I don't think the CIA making America a safer place by leaving obvious faults in software open, rather than working to close them.
This is likely why Wikileaks decided to dump this information. Now any hack can be be blamed on the CIA if discovered. Any hacking attempt that someone claims is coming from China, Russia or someplace else will always have the doubt that the CIA is attempting to frame that country.
|
On March 08 2017 03:16 LegalLord wrote:Show nested quote +On March 08 2017 03:12 LightSpectra wrote:On March 08 2017 03:09 LegalLord wrote:On March 08 2017 03:04 LightSpectra wrote:On March 08 2017 03:00 LegalLord wrote:On March 08 2017 02:49 LightSpectra wrote:On March 08 2017 02:45 LegalLord wrote:On March 08 2017 02:23 LightSpectra wrote:On March 08 2017 02:16 LegalLord wrote:On March 08 2017 02:12 Mohdoo wrote:
[quote]
And yet we have a functional stock market and banking system connected to the internet. This isn't true. Security exists and can be effective. While true, none of those things remain unhacked. Many are of the "steal some coinage" variety but also espionage. Malicious destructive hacks are rare, of course, because national governments that hack each other would receive some pretty hefty retaliation. I really don't think you have any idea what you're talking about. Well, good for you. You're wrong. Go ahead and add something more than one-liners if you have some "depth" to add to the discussion rather than simply talking about how no one else knows what they're talking about. Very well. Your claim seems to be that national government hacks (and I suppose also financial systems) are very possible, it's just that most governments don't bother because it would be too destructive. What is your evidence for that claim? I suppose the most direct evidence that you can hack financial systems and "national governments" (well I meant in the sense that "nation-states hack each other" because "national government" isn't any one cyber entity) is that such hacks actually exist. The Russians hacked US financial systems before, for the purpose of studying the way the financial market functions. Hacking banks is a rather well-known reality, as perhaps the point RisK made would indicate. Various agencies in the government, e.g. the OPM (China hack) have been recorded as well. Regarding why hacking for malicious, destructive purposes like destroying systems is rare(r)... well I would think that would be somewhat obvious from a common sense evaluation of it, but we could simply look at the political treatment of malicious hacking. NATO, for example, considers cyber warfare to be the same as regular warfare for the purposes of Article 5. And it goes without saying that "we can hack you too" is always a reality for any hacking done. Yeah, but all of those major hacks like OPM and Yahoo were found to be due to absurdly negligent security practices on behalf of the ones getting hacked. That actually strongly suggests that the financial transaction system and our national security comms are not really hackable. If they were, those people that went after Target and Home Depot would be salivating over the opportunity. Sure, negligent security practices play an important role in getting hacked - and of course in increasing the scope of what actually got hacked. Doesn't mean that any more secure targets can't be hacked. It's certainly not a "Wild West" of "anything out there can be hacked whenever you want" but it's very far from "nothing can be hacked if it has good security practices." I'm trying to get you to prove "it's very far from 'nothing can be hacked if it has good security practices'". I'm quite knowledgeable on cybersecurity, so I'm going to tell you right now that unless you really, REALLY know what you're talking about, you'd best just walk away from this debate. Your knowledge has been proven in the form of one-liners that tell everyone that you know what you're talking about, and that's it. I mean, you're trying to prove that "systems that are secured by people with good security practices cannot be hacked" which is patently absurd. You have proved it by giving one-liners implying that you disagree with all people and only you know what you are talking about. Want to prove it? Go for it.
Why do you think this: "I mean, you're trying to prove that "systems that are secured by people with good security practices cannot be hacked" which is patently absurd."
You're asking me to refute your proof-less allegations for you.
I will admit right now that a lot of the things that I'm deeming to be practically unhackable are not theoretically unhackable. But in the near future we will have lots of technologies widely available that is both practically and theoretically unhackable. For instance, the blockchain tech developed by IBM (first used for Bitcoin) that will replace our conventional financial transaction system will be one such example.
|
|
|
|
|
|
EPT
